Cyber and Privacy
Coming out of the shadows
Cybersecurity and privacy is an emerging risk faced by Australian businesses, with laws and regulations being revamped in response to the threat.
We have the experience and expertise to support you with your end-to-end cyber lifecycle needs, from helping you with your privacy policies and technology contracts, to data collection, use and storage, all the way to assisting data breaches as well as post breach compliance.
Our multi-disciplinary specialist teams provide a suite of services including:
- the Intellectual Property & Technology Group that advises on Data Security (including strategic advice on data security laws, advice and negotiating contracts, advice on specific regulations such as the Privacy Act, Prudential Standards (e.g. CPS 231 and CPS 234), Consumer Data Rights, and the Security of Critical Infrastructure Act, advising senior leaders including on data security obligations in the Corporations Act Technology contracts, advice on specific regulations (for example, CPS 231 and CPS 234), and Consumer Data Rights).
- the Cyber Insurance Group that provides expert advice on navigating incident and crisis response, breach coaching, subrogation and recovery options and policy coverage matters to both insureds and insurers. We assist with restoring business functionality in speedy and time effective manner and also assist our client with building their cyber resilience and general overall responsive and cyber preparedness to deal with the ever evolving area. Our unique skills also see us partnering with leading forensic investigations, assessors and PR firms to further assist our clients across the lifecycle of cyber and related matters.
We join forces with corporates, financial institutions and insurers, and government departments and agencies to build cyber resilience. Our ability to leverage the knowledge of comparable clients (both domestic and offshore) and our understanding of all key software solutions, platforms and providers, enables us to engage with you as an authentic partner that can drive solutions.
Our Privacy specialists deliver privacy-related advice and support to government and private sector clients on compliance with Commonwealth and state government privacy legislation including the Privacy Act 1988 (Cth) (Privacy Act), the Privacy (Australian Government Agencies – Governance) APP Code 2017 (Cth) and the Telecommunications (Intercept and Access) Act 1979 (Cth). This includes advice on the lawful collection and handling of personal information, undertaking Privacy Threshold Assessments (PTA) and Privacy Impact Assessments (PIAs).
Our experienced Privacy and Information Law practitioners also provide advice and support on:
- compliance with the Privacy Act including advice on the collection, use and disclosure of personal information (including sensitive information)
- compliance with the Privacy (Tax File Number) Rule 2015 (Cth)
- undertaking privacy investigations, preparing statements of reasons and advising on remedy
- responding to APP 12 requests including preparing statements of reasons
- preparing responses to data breaches and privacy incidents and whether they reach the harm threshold under the Notifiable Data Breaches Scheme
- preparing Privacy Policies, Privacy Management Plans and collection notices
- undertaking PTAs and PIAs.
Our team also conducts training on a range of privacy issues for our clients’ internal teams, including on all aspects of the Privacy Act including privacy compliance 101, the treatment of employee records, Notifiable Data Breaches, direct marketing; as well as preparing intranet content and FAQs.
Privacy Act reform
Since 2020, the Attorney General’s Department has been undertaking a comprehensive review of the Privacy Act 1988 (Cth). The Privacy Act Review Report has now been released and the Attorney General's Department is currently seeking feedback to inform the Government's response to this report. The deadline for feedback on the Report is 31 March 2023.
For more insights and updates on Privacy Act reform, you can visit our Privacy Act Reform Hub.